AT&T had posted iPad users' data on the
Web, where the information could be accessed by anyone who figured out the correct URLs. Auernheimer and another hacker did so, and sent some of the email addresses to Gawker, in hopes of persuading
AT&T to patch the hole. Gawker reported on the security glitch and published some of the information.

For these acts, Auernheimer was convicted of computer fraud and identity theft. Today,
he was sentenced to 41 months in federal prison.

Auernheimer anticipated that a judge would send him to jail. Immediately before today's sentencing hearing he said as much at a press
conference, where he reportedly told reporters, "I'm going to jail for doing arithmetic."

Auernheimer admittedly isn't the most sympathetic defendant. In addition to a long history as an online troll, he's made some pretty stupid comments about his case. Consider, last night, he posted
the following statement on Reddit: "My regret is being nice enough to give AT&T a
chance to patch before dropping the dataset to Gawker. I won’t nearly be as nice next time.”

But regardless of how anyone feels about Auernheimer personally, prosecuting him for
blowing the whistle on AT&T's poor security practices doesn't serve to protect consumers from fraud. If anything, it will have the opposite effect, given that many independent security researchers
arguably violate the computer fraud law in the course of investigating flaws.

"I have little respect for Weev, but we should all be terrified that guessing a URL can get you 3.5 years of
jailtime," tech entrepreneur Anil Dash tweeted this morning.

Wired adds that numerous researchers have used
Auernheimer's methods to expose vulnerabilities.

And countless computer-savvy people have uncovered security flaws by "hacking" into sites without calling their findings to public attention.
Consider, Twitter founder Jack Dorsey acknowledged last night on the TV show "60 Minutes"
that he landed a job after finding a security hole in a company's site, and then notifying them of it.

"Is that the same thing as hacking?" Lara Logan asked Dorsey.

Dorsey acknowledged
that it was, but denied that he committed a crime.

"Weev is facing more than three years in prison
because he pointed out that a company failed to protect its users' data, even though his actions didn't harm anyone," EFF senior staff attorney Marcia Hofmann said today in a blog post. "The
punishments for computer crimes are seriously off-kilter, and Congress needs to fix them.

EFF attorney Hanni Fakhoury added: "Congress should amend the CFAA to make sure we don't have more
Aaron Swartzes and Andrew Auernheimers in the future."

Earlier this year, Aaron Swartz's suicide spurred a movement to revisit those laws. Swartz was facing trial for hacking into servers run
by the Massachusetts Institute of Technology in order to download academic articles. He hanged himself after plea negotiations broke down.

Auernheimer is appealing his conviction to the 3rd
Circuit Court of Appeals. The EFF will help represent him on appeal.

we all need to help fight this! Did his lawyer no that he was doing i dont think so. This new law need to be changed. Before you know it getting any inf. from the net they dont want you to have will put you in jail. Even the FBI has persons doing crimes. Who but us can point that out. Now its a crime to help out? and do whats right. how do you know where's the line? Call them and ask.